
Harden GitHub Actions Workflow - test.yml #97

Open
stepsecurity-int bot opened this issue Feb 21, 2025 · 0 comments

Summary

This issue was created by StepSecurity for security issues found in test.yml. The platform has identified 1 vulnerability (1 critical, 0 high, 0 medium, 0 low).

Remediation Overview

The platform can generate remediations for some vulnerabilities. For those, you can find the fixed workflow file in the Suggested Fix For Auto-Remediable Issues section. You can deploy these changes manually or create a pull request by commenting @stepsecurity-int pull-request create on this issue.

If you’d like an automated pull request with the fixed workflow file, comment:

@stepsecurity-int pull-request create

Other issues require manual investigation and changes.

Once a vulnerability has been remediated, ✅ will appear in the title. Note that it may take up to 24 hours for these issues to be updated.

Please review the individual vulnerability section below and follow the recommended resolution steps.

Security Checks Details

❌ Actions should be pinned to a full-length commit SHA

Suggested Fix For Auto-Remediable Issues

Below is the updated workflow, which fixes the following security vulnerabilities:

  • Actions should be pinned to a full-length commit SHA

```yaml
name: "Test"
on:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
permissions:
  contents: read
jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
      - uses: ./
        id: string
        with:
          string: XyZzY
      - id: step2
        run: echo ${{ steps.string.outputs.lowercase }}
```

Additional Information

For more information, refer to the documentation page here.
Please don't make any changes to the description, as the platform updates the description automatically. Please use the comment section below to provide input.

Automated remediation commands and options

  • Create a pull request with automated security fixes: `@stepsecurity-int pull-request create`
  • Close this issue and prevent it from being reopened: `@stepsecurity-int issue close <REASON>`
  • Update issue description with latest security check status: `@stepsecurity-int issue force-update`
  • View all available commands and their usage: `@stepsecurity-int help`

Which GitHub Actions security best practices were evaluated?

The workflow was evaluated for the following GitHub Actions security best practices:

  • Network & runtime security monitoring
  • Token permissions
  • Third-party GitHub Actions usage & pinning